[Simon Josefsson]:
> IMHO it is useful if all common pitfalls that lead to security
> problems are discussed.

well, I don't think this is the place for it, it would fit better in a
revision of RFC 3028, or an informational RFC.

>>> For an example of a less general than expected test,
>>> consider looking for Subject: containing "MAKE MONEY FAST"
>>> to filter spam into a separate folder, and an incoming
>>> message having a Subject: of "=?CP-1252?q?MAKE_MONEY_FAST?=".
>>
>> I believe that message should be filtered just fine.
>
> How? Compare the following from RFC 3028 [2.7.2]. Assuming the
> implementation does not support CP-1252, I don't see how "MAKE
> MONEY FAST" and "=?CP-1252?q?MAKE_MONEY_FAST?=" would match.

oh, I assumed that an implementation would decode quoted-printable and
base64, but mark the string as "unknown charset". that seems to "do
what I want" more often.

> The IDNA specification says that if IDNs are in IDN-unaware domain
> name slots, it MUST be encoded as ASCII. Since the Sieve
> specification does not discuss IDN, all domain name slots in Sieve
> scripts are IDN-unaware.

good to know, thanks.
--
Kjetil T.
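
The two readings discussed in this thread, as an added example that is not part of the original messages or of any Sieve implementation: a strict matcher leaves an encoded-word with an unsupported charset untouched, while a lenient one decodes the Q/B transfer encoding anyway and flags the charset as unknown. The function names and `SUPPORTED_CHARSETS` are assumptions made for the sketch, and RFC 2047 whitespace folding between adjacent encoded-words is left out.

```python
import binascii
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")

# Assumption for this sketch: the implementation knows only these charsets,
# so CP-1252 is "unsupported", as in the thread.
SUPPORTED_CHARSETS = {"us-ascii", "utf-8"}


def decode_encoded_words(value, lenient):
    """Return (text, unknown_charset_seen) for one header value."""
    unknown_seen = False

    def replace(match):
        nonlocal unknown_seen
        charset, encoding, payload = match.group(1).lower(), match.group(2).lower(), match.group(3)
        known = charset in SUPPORTED_CHARSETS
        if not known and not lenient:
            return match.group(0)  # strict: leave the encoded-word untouched
        try:
            if encoding == "q":
                raw = binascii.a2b_qp(payload, header=True)  # "_" becomes space
            else:
                raw = binascii.a2b_base64(payload)
        except ValueError:  # malformed payload (binascii.Error is a ValueError)
            return match.group(0)
        if known:
            return raw.decode(charset, errors="replace")
        unknown_seen = True  # decoded the transfer encoding, charset unknown
        return raw.decode("ascii", errors="replace")

    return ENCODED_WORD.sub(replace, value), unknown_seen


def subject_contains(subject, key, mode):
    """mode is 'raw', 'strict' or 'lenient'; comparison is case-insensitive."""
    if mode == "raw":
        text = subject
    else:
        text, _ = decode_encoded_words(subject, lenient=(mode == "lenient"))
    return key.lower() in text.lower()


SAMPLE = "=?CP-1252?q?MAKE_MONEY_FAST?="  # Subject value from the thread
for mode in ("raw", "strict", "lenient"):
    print(mode, subject_contains(SAMPLE, "MAKE MONEY FAST", mode))
```

Only the lenient mode files the sample message; the raw and strict modes let it through to the inbox, which is the "less general than expected test" pitfall.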